03-26-18 – News These Past Two Weeks

Threat Landscape for Industrial Automation Systems in H2 2017
For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users.

Penn State secures building automation, IoT traffic with microsegmentation
Penn State chose microsegmentation technology from Tempered Networks to isolate and cloak traffic from its smart-building systems, which rely on the BACnet communications protocol to share data
https://www.networkworld.com/article/3265065/lan-wan/penn-state-secures-building-automation-iot-traffic-with-microsegmentation.html

Puerto Rico’s Electric Utility Hacked in Weekend Attack
Service was disrupted but no customer records compromised, officials said.
https://www.darkreading.com/attacks-breaches/puerto-ricos-electric-utility-hacked-in-weekend-attack/d/d-id/1331328

Siemens Patches Flaws in SIMATIC Controllers, Mobile Apps
Organizations using SIMATIC products were informed by both Siemens and ICS-CERT this week of a denial-of-service (DoS) vulnerability that can be exploited by sending specially crafted PROFINET DCP packets to affected systems
https://www.securityweek.com/siemens-patches-flaws-simatic-controllers-mobile-apps

Middle East oil and gas companies are unprepared to address OT cyber risk
Cyber security breaches in the Middle East are widespread and frequently undetected, with 30 percent of the region’s attacks targeting operational technology (OT), finds a new study by Siemens and Ponemon Institute

Critical Infrastructure: Stop Whistling Past the Cyber Graveyard
An open letter to former colleagues in Homeland Security, peers in private sector cybersecurity firms, those who own and operate critical systems, academics, and politicians
https://www.darkreading.com/critical-infrastructure-stop-whistling-past-the-cyber-graveyard/a/d-id/1331308

Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities
Most manufacturers have connected their operational technology – including industrial control systems and robotic equipment – to the internet, yet the lack of basic security protocols leaves these companies open to cyberattacks

Russia accused of burrowing into US energy networks
This week the Department of Homeland Security (DHS) added cyber-intrusion and surveillance of the US critical infrastructure sector to the growing list of accusations – in a move that might have been missed by commentators had it not come packaged with sanctions connected to alleged interference in elections

DHS and FBI warn Russia is behind cyberattacks on US infrastructure
The Department of Homeland Security and the FBI released a report today detailing Russian efforts to hack into US government entities and infrastructure sectors, including energy, nuclear, commercial, water, aviation and critical manufacturing sectors
https://www.engadget.com/2018/03/15/dhs-fbi-warn-russia-behind-infrastructure-cyberattacks/

China-linked Hackers Target Engineering and Maritime Industries
Referred to as Leviathan or TEMP.Periscope, the group has been historically interested in targets connected to South China Sea issues, which hasn’t changed in the recently observed attacks. Targets include research institutes, academic organizations, and private firms in the United States
https://www.securityweek.com/china-linked-hackers-target-engineering-and-maritime-industries

IoT security warning: Cyber-attacks on medical devices could put patients at risk
More collaboration is needed in order to ensure internet-connected medical devices can’t cause harm to patients, says research
http://www.zdnet.com/article/iot-security-warning-cyber-attacks-on-medical-devices-could-put-patients-at-risk/

Medical Apps Come Packaged with Hardcoded Credentials
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
https://www.darkreading.com/endpoint/medical-apps-come-packaged-with-hardcoded-credentials/d/d-id/1331268

Time of death? A therapeutic postmortem of connected medicine
At last year’s Security Analyst Summit 2017 we predicted that medical networks would be a titbit for cybercriminals. Unfortunately, we were right. The numbers of medical data breaches and leaks are increasing. According to public data, this year is no exception.

IIC Publishes Best Practices for Securing Industrial Endpoints
The Industrial Internet Consortium (IIC) has published a new paper designed to provide a concise overview of the countermeasures necessary to secure industrial endpoints; that is, the industrial internet of things
https://www.securityweek.com/iic-publishes-best-practices-securing-industrial-endpoints

IIC addresses industrial IoT security on endpoints
In a new document, the Industrial Internet Consortium abridges IEC and NIST publications, offering clear, concise guidance to ensure IIoT security in connected plants
http://internetofthingsagenda.techtarget.com/news/252436665/IIC-addresses-industrial-IoT-security-on-endpoints

IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure
https://www.darkreading.com/endpoint/iot-product-safety-if-it-appears-too-good-to-be-true-it-probably-is-/a/d-id/1331227

Auto manufacturers are asleep at the wheel when it comes to security
That’s the conclusion of a series of speakers at the Kaspersky Security Analyst Summit. These security researchers have demonstrated how easy it is to introduce software into vehicles to steal data, take control of vital functions, get around alarm and electronic key systems and even crash the car
https://www.theregister.co.uk/2018/03/10/auto_manufacturers_are_asleep_at_the_wheel_when_it_comes_to_security/

Ransomware for robots is the next big security nightmare
Researchers found they were able to infect robots with ransomware; in the real world, such attacks could be highly damaging to businesses if robotic security isn’t addressed
http://www.zdnet.com/article/ransomware-for-robots-is-the-next-big-security-nightmare/

Researchers say quantum computing could improve self-driving cars’ cyber security
Quantum computers could transform the security of self-driving cars, claim researchers
https://www.v3.co.uk/v3-uk/news/3027885/researchers-say-quantum-computing-could-improve-self-driving-cars-cyber-security
